In our blog series on the current state of ransomware, we have presented an in-depth analysis of the four most prevalent variants and described various aspects of their operation, their infection mechanisms and the geographic distribution of each variant across the globe.
Those variants are: CryptoWall, TorrentLocker, CTB-Locker and TeslaCrypt.
Now we will explore several less common but more novel variants: viral ransomware (VirLock), ThreatFinder, CrypVault and PowerShell-based ransomware (Los Pollos Hermanos).
So far, our series on the current state of ransomware has taken an in-depth look at three ransomware families: CryptoWall, TorrentLocker and CTB-Locker. Today we’ll talk about the variant known as TeslaCrypt.
TeslaCrypt (a.k.a. EccKrypt) is one of the most recent widely seen ransomware variants; it encrypts certain user files and demands a ransom be paid to decrypt the files. Similar to other variants, it uses the AES symmetric algorithm to encrypt files.
TeslaCrypt is distributed widely via the Angler exploit kit and a few other known exploit kits. Using Angler, it exploits Adobe Flash (CVE-2015-0311) and, once successfully exploited, it downloads TeslaCrypt as a payload.
In our series on the current state of ransomware, we previously looked at CryptoWall and TorrentLocker. In this post, we’ll examine a variant called CTB-Locker.
CTB-Locker is a ransomware variant that encrypts files on a victim’s hard disk before demanding a ransom be paid to decrypt the files.
CTB-Locker is noteworthy for its high infection rates, use of Elliptic Curve Cryptography, Tor and bitcoins, and its multi-lingual capabilities.
The scourge of file-encrypting ransomware has emerged as a major threat since the runaway success of CryptoLocker, which first appeared in September 2013. Although law enforcement took out the CryptoLocker server infrastructure in 2014, malware authors rapidly moved in to fill the void with new variants.
With this in mind, SophosLabs threat researchers James Wyke and Anand Ajjan recently published a thorough and well-written paper entitled The Current State of Ransomware, giving their expert analysis of the newer strains, how they work, and what individuals and businesses can do to stay secure.
In our blog series looking at this research, we began with our post on one of the most prevalent ransomware families, CryptoWall. Today, we’ll take a closer look at TorrentLocker, a family of file-encrypting ransomware that is almost exclusively distributed through spam email campaigns and is noteworthy for being very geographically targeted. Both ransom notes and initial lures are localized to the targeted region, and the number of regions observed to have been targeted by TorrentLocker is considerable.
In honor of the holidays, we’ve been sharing some light-hearted holiday songs with a serious security message each day this week.
First, it was a song about unprotected data flying “over the network and through the cloud.” Then we shared a song about our “least favorite things,” from exploit kits to macro malware.
In today’s conclusion of three days of holiday security songs, we see what happens when the joy of a sleigh ride is replaced by a night of malware cleanup.
Ransomware has become one of the most widespread and damaging threats that Internet users face. Since the infamous CryptoLocker first appeared in 2013, we’ve seen a new era of file-encrypting ransomware variants delivered through spam messages and exploit kits, extorting money from home users and businesses alike.
The current wave of ransomware families can have their roots traced back to the early days of fake antivirus, through Locker variants and finally to the file-encrypting variants that are prevalent today. Each distinct category of malware has shared a common goal – to extort money from victims through social engineering and outright intimidation.
SophosLabs has published new research examining the recent evolution in file-encrypting ransomware, in our paper titled The Current State of Ransomware. We look at the most prevalent variants including CryptoWall, TorrentLocker, CTB-Locker and TeslaCrypt – as well as more obscure variants that employ novel or interesting techniques. In this blog post, the first in a series about ransomware, we take an in-depth look at CryptoWall.
It’s not long until we will say goodbye to this year and welcome in 2016.
But what will we see for cybersecurity in the next 12 months? Our experts have made some predictions about what we can expect in the coming year.